Proposal - memorizing simple passwords which are hard to crack.

Stefan Claas

Dec 23, 2021, 12:51:42 PM
Hi all,

A fun way for Alice and Bob might be that they both use
Argon2id for a shared password key, when one of them
travels and does not carry any devices.

The idea here is to use memorized passwords from which
a hash can be created, acting as either password or encryption
key for symmetric encryption.

Normally when one creates a password, humans most likely
create them in a way that they are written from left to right
and not in reverse, otherwise IMHO GPU cracking rigs, like Interpol
has, would probably not have been so successful, with hashcat.

Since hashcat AFAIR does not (yet) support Argon2, let's look
how Alice can memorize a password key.

Once Alice has arrived at her destination, she purchases a notebook
and a computer magazine with a popular Linux CD on it.

She then installs argon2 with 'sudo apt-get install argon2'
and then rot13 with 'sudo apt-get install hxtools'.

Creating the simple password:

$ echo -n 'apas1is2a3nice4place' | rev | rot13 (etc.)
Result: rpnyc4rpva3n2fv1fncn

Creating the salt:

$ echo -n 'and1has2good3people' | rev | rot13 | rev (etc.)
Result: naq1unf2tbbq3crbcyr

$ echo -n 'apas1is2a3nice4place' | rev | rot13 | argon2 naq1unf2tbbq3crbcyr -id
Type: Argon2id
Iterations: 3
Memory: 4096 KiB
Parallelism: 1
Hash: a835b066d46b39fadae919968c247b302ac372aa6fb879d896c13b3b37235d28
Encoded: $argon2id$v=19$m=4096,t=3,p=1$bmFxMXVuZjJ0YmJxM2NyYmN5cg$qDWwZtRrOfra6RmWjCR7MCrDcqpvuHnYlsE7OzcjXSg
0.000 seconds
Verification ok

As one can see from a simple password and a simple salt, Alice
has now generated (with standard parameters) a hash, which she
can use as an encryption key or as a login password for a temporary
email account, which, in case her password would include other
languages, she can use then.

Regards
Stefan





Stefan Claas

Dec 23, 2021, 1:51:42 PM
I uploaded a Windows binary of Argon2id with a GUI interface to IPFS
a while ago.

https://ipfs.io/ipfs/QmSi8ThsocYzV39SAokSvoLu1QS7ciADot9eZv1kQiffhY

Source code can be found here:

https://github.com/sac001/Argon2id

Regards
Stefan

Stefan Claas

Dec 23, 2021, 2:27:57 PM
On Thursday, December 23, 2021 at 6:51:42 PM UTC+1, Stefan Claas wrote:
BIG OUCH and SORRY folks, the proposal with rot13 | rev etc.

is stacking and is *not* needed multiple times, which one
person explained to me. So *don't* do that!

Regards
Stefan
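
Why the stacking in this thread is not needed, shown as an added example that is not part of the original posts: `rev` and `rot13` each undo themselves and commute with each other, so any chain of them feeds Argon2id one of only four strings per phrase. The function names are hypothetical, and `tr` stands in for the hxtools `rot13` (an assumption of this sketch).

```sh
#!/bin/sh
# Added example. rot13 is done with tr here (assumption: stands in for the
# hxtools rot13 used in the thread); rev is the usual util-linux tool.
rot13() { tr 'A-Za-z' 'N-ZA-Mn-za-m'; }

# apply PHRASE STEPS: run PHRASE through a chain of filters, where each
# character of STEPS names one stage: r = rev, o = rot13.
apply() {
  out=$1
  steps=$2
  while [ -n "$steps" ]; do
    step=${steps%"${steps#?}"}   # first remaining stage
    steps=${steps#?}
    case $step in
      r) out=$(printf '%s' "$out" | rev) ;;
      o) out=$(printf '%s' "$out" | rot13) ;;
    esac
  done
  printf '%s\n' "$out"
}

# Every chain of 0 to 4 stages (31 chains in total).
chains() {
  for a in '' r o; do for b in '' r o; do
  for c in '' r o; do for d in '' r o; do
    printf '%s\n' "$a$b$c$d"
  done; done; done; done | sort -u
}

# Number of different strings those chains can produce from one phrase.
distinct_outputs() {
  chains | while IFS= read -r chain; do
    apply "$1" "$chain"
  done | sort -u | wc -l | tr -d ' '
}

phrase='apas1is2a3nice4place'   # sample phrase from the thread
echo "rev | rot13:       $(apply "$phrase" ro)"
echo "rev | rot13 | rev: $(apply "$phrase" ror)  (same as rot13 alone)"
echo "distinct outputs over 31 chains: $(distinct_outputs "$phrase")"
```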

Stefan Claas

Dec 24, 2021, 7:48:12 AM
On Thursday, December 23, 2021 at 8:27:57 PM UTC+1, Stefan Claas wrote:

> BIG OUCH and SORRY folks, the proposal with rot13 | rev etc.
>
> is stacking and is *not* needed multiple times, which one
> person explained to me. So *don't* do that!

Adding a base64 into the mix should be ok, like rev | rot | base64 ...

On the other hand, I have written 'ms' (my story) for German-speaking users,
which prints out a cryptographically secure random 20-character string, as five groups
consisting of four alphanumeric characters each, which users can memorize
based on their own story. It is based on the knowledge of a cryptographer.

Regards
Stefan


Stefan Claas

Dec 24, 2021, 12:36:02 PM
https://github.com/sac001/ms

Regards
Stefan